Package: bind9 Version: 1:9.5.0.dfsg.P1-2.1 Severity: important Tags: patch
Bind9 was failing with this message in daemon.log:
named[15418]: acl.c:403: INSIST(0) failed
Turns out its caused by this sort of construct:
acl a { key a_tsig_key; }
acl b { "a"; localhost; }
When acl b is created, acl a is merged into it. The insertion
point for the next element isn't adjusted after the merge so
the localhost entry then overwrites the "key a_tsig_key" entry.
The one line patch attached fixes the problem. It doesn't
happen in sarge's bind9. I didn't go looking why.
Can you please, pretty please, ensure this is fixed in
lenny.
-- System Information:
Debian Release: 3.1
Architecture: i386 (i686)
Kernel: Linux 2.6.17-8.1-lube-686-smp
Locale: LANG=en_AU, LC_CTYPE=en_AU (charmap=ISO-8859-1)
Versions of packages bind9 depends on:
ii adduser 3.63 Add and remove users and groups
ii bind9utils 1:9.5.0.dfsg.P1-2.1 Utilities for BIND
ii debconf [debconf-2.0 1.4.30.13 Debian configuration management sy
ii libbind9-40 1:9.5.0.dfsg.P1-2.1 BIND9 Shared Library used by BIND
ii libc6 2.3.2.ds1-22sarge6 GNU C Library: Shared libraries an
ii libdb4.3 4.3.27-2 Berkeley v4.3 Database Libraries [
ii libdns43 1:9.5.0.dfsg.P1-2.1 DNS Shared Library used by BIND
ii libisc41 1:9.5.0.dfsg.P1-2.1 ISC Shared Library used by BIND
ii libisccc40 1:9.5.0.dfsg.P1-2.1 Command Channel Library used by BI
ii libisccfg40 1:9.5.0.dfsg.P1-2.1 Config File Handling Library used
ii libkrb53 1.3.6-2sarge6 MIT Kerberos runtime libraries
ii libldap2 2.1.30-8 OpenLDAP libraries
ii liblwres40 1:9.5.0.dfsg.P1-2.1 Lightweight Resolver Library used
ii libssl0.9.8 0.9.8g-10.1 SSL shared libraries
ii libxml2 2.6.16-7sarge1 GNOME XML library
ii lsb-base 3.0-11 Linux Standard Base 3.0 init scrip
ii netbase 4.21 Basic TCP/IP networking system
ii zlib1g 1:1.2.2-4.sarge.2 compression library - runtime
-- debconf information:
bind9/different-configuration-file:
bind9/run-resolvconf: false
bind9/start-as-user: bind
dns_acl_merge-bug.dpatch
Description: application/shellscript
